Legal
Privacy Notice
Saral AI · Issued by HeadsIn Connect LLP.
Version 1.2 · Effective April 2026 · Compliant with DPDP Act 2023 + Rules 2025
This Privacy Notice is a standalone document issued in accordance with Rule 3 of the DPDP Rules, 2025. It is designed to be understood entirely on its own, without reference to any other document. It describes what personal data Saral AI collects about you, why, how long it is kept, who can see it, and exactly how you can control or remove it.
If you are a candidate whose profile appears on Saral AI, this notice is for you. If you are a recruiter using Saral AI, a separate Data Processing Agreement governs your obligations at saralhire.ai/legal/dpa.
1. Who we are
This notice is issued by:
| Legal entity | HeadsIn Connect LLP. |
| Platform name | Saral AI |
| Role under the DPDP Act | Data Fiduciary, we determine the purpose and means of processing your personal data. |
| Website | saralhire.ai |
| Privacy contact | privacy@saralhire.ai |
| Privacy Lead | Co-founder, HeadsIn Connect LLP. |
| Registered address | Surat, Gujarat, India |
2. What personal data do we collect about you
In accordance with Rule 3(b)(i) of the DPDP Rules, 2025, the following is an itemised description of each category of personal data Saral AI collects about candidates:
| Category | Specific data points collected | Source |
|---|---|---|
| Identity | Full name, username, profile photo URL | GitHub, LinkedIn, X (publicly visible), and many other platforms. |
| Professional | Job title, current and past employers, location, skills, years of experience, and education | LinkedIn public profile |
| Contact | Email address (publicly listed or data vendors), phone number (data vendors) | GitHub commit data, LinkedIn bio, X bio, Data vendors, third-party enrichment tools (with documented lawful basis) |
| Technical activity | Public repositories, programming languages used, contribution frequency, commit history, stars and forks received | GitHub (public repositories and public profile only) |
| AI-generated | Fit Check score (Yes / No / Sort of verdict), AI-generated summary of profile strengths and gaps, shortlist status against a specific role | Generated by Saral AI from the above data sources. Advisory only, not used to automatically include or exclude you. |
We do not collect Aadhaar numbers, PAN, biometric data, health data, financial data, religious or political beliefs, sexual orientation, or any other sensitive personal information.
3. Why we process your data, purpose and service description
In accordance with Rule 3(b)(ii), the following describes the specific purpose for which each category of data is processed, and the service it enables. Saral AI does not use your data for any purpose not listed here.
| Purpose | Data used for this purpose | Service enabled |
|---|---|---|
| Passive talent sourcing | Identity, professional background, technical activity | Allows recruiters to discover candidates who match an open role, without the candidate having applied |
| Fit Check AI evaluation | All collected data, processed by AI to match against recruiter criteria | Produces an advisory Yes / No / Sort of verdict and plain-English summary to help recruiters shortlist relevant profiles. This is advisory only, not a final hiring decision. |
| Recruiter outreach enablement | Contact data (email, phone) where publicly available | Allows a recruiter to send you a message about a specific job opportunity. This is the only permitted use of your contact data. |
| Platform improvement and data accuracy | All categories, in aggregate and anonymised form only | Improving the accuracy of sourcing results and AI evaluation quality. Only anonymised, aggregated data is used for this purpose; no individual profile is identifiable. |
Your data is never used for: advertising, marketing to you on behalf of third parties, sale to data brokers, insurance or credit scoring, political profiling, employee surveillance, or training of AI models for any purpose other than Saral AI's own sourcing quality.
4. The legal basis for processing your data
Under Sections 3(c)(ii), 4, 5, and 6 of the DPDP Act, 2023, Saral AI processes candidate personal data on the following documented legal bases:
4.1 Public data exemption — Section 3(c)(ii) DPDP Act
Personal data that you have caused to be made publicly available falls outside the scope of the DPDP Act by law. Saral AI relies on this for:
- GitHub: your public username, bio, public repositories, programming languages, contribution graphs, and publicly visible commit activity
- X (Twitter): your public handle, bio, and any contact details you have publicly posted
- LinkedIn: your publicly visible professional profile including name, role, employer, skills, and education
We only rely on this exemption where you deliberately made the data public. We do not rely on it for data that you shared only within a platform's closed community or that was made public without your knowledge.
4.2 Consent — Section 6 DPDP Act
Where Saral AI collects data beyond the public exemption, specifically, enriched email addresses or phone numbers sourced through third-party tools, we require our enrichment vendors to hold their own documented consent chain from you. We do not use the public data exemption for enriched contact data. If you believe enriched contact data about you was collected without a valid legal basis, you have the right to request its deletion immediately.
4.3 What this means in practice
| GitHub public profile | Legal basis: Section 3(c)(ii) public data. You published this by creating a public GitHub account. |
| LinkedIn public profile | Legal basis: Section 3(c)(ii) public data. You published this by creating a public LinkedIn profile. |
| X public profile | Legal basis: Section 3(c)(ii) public data. You published this by making your X account public. |
| Other public professional profiles | Legal basis: Section 3(c)(ii) public data. You made this information publicly available on third-party platforms or personal websites. |
| Enriched email / phone | Legal basis: Vendor-held consent chain, documented via DPA. If you wish to query or remove this, write to privacy@saralhire.ai. |
| AI Fit Check evaluation | Legal basis: Generated from public data using Section 3(c)(ii) source material. Advisory only. |
5. How long we keep your data
In accordance with the purpose limitation and erasure principles under the DPDP Act and Rule 8 of the DPDP Rules, 2025:
| Active candidate profile | Retained while your profile is publicly available on the source platform and has been viewed or shortlisted in the last 12–18 months by an active recruiter on Saral AI. |
| Candidate not engaged | If no recruiter on Saral AI has engaged with your profile in 24 months, your profile may be marked as inactive and removed from recruiter visibility. |
| Pre-deletion notice | Before we delete your profile, we will notify you at least 48 hours in advance at your publicly listed email or contact, giving you the opportunity to object or request that your data be retained. This is required by Rule 8(2) of the DPDP Rules, 2025. |
| Deletion on request | If you submit a removal request, your profile is deleted within 30 days after the 48-hour notice period has passed without objection. |
| Processing logs | Even after your profile is deleted, we are required by Rule 8(3) to retain processing logs (records of who accessed your profile, when, and what actions were taken) for a minimum of one year. These logs do not contain your personal profile data; they record system activity only. |
| Recruiter-held copies | Recruiters who downloaded or exported your profile before deletion must delete their copies within 30 days of your deletion request being confirmed. This obligation survives even after a recruiter's subscription to Saral AI ends (Clause 10.5 of our DPA). |
6. Who can see your data
Saral AI does not sell your data. Access to your profile is restricted as follows:
| Recruiters on Saral AI | HR professionals, talent acquisition leads, and founders who have registered and accepted our Data Processing Agreement, which legally binds them to use your data only for recruitment purposes. They are prohibited from using your data for marketing, resale, or any non-recruitment purpose. |
| Saral AI platform team | Our internal engineering and data team accesses data only as necessary to operate, maintain, and improve the platform. Access is restricted by role and logged. |
| Data enrichment vendors | Only vendors with whom we have executed a Data Processing Agreement, and only to the extent necessary to source or verify contact data. These vendors are contractually prohibited from sharing your data further. |
| Cloud infrastructure providers | Saral AI uses cloud services that may process or store data outside India. Providers operate under data processing agreements aligned with applicable laws, including the DPDP Act. Data location may vary due to infrastructure needs. Saral AI implements reasonable safeguards to ensure data protection across all environments. |
| Legal and regulatory bodies | We may disclose data to the Data Protection Board of India, courts, or law enforcement if required by law. We will notify you if permitted to do so. |
| No one else | We do not share your data with advertisers, data brokers, analytics platforms, social media platforms, political organisations, or any third party not listed above. |
7. Automated evaluation — the Fit Check
Saral AI uses artificial intelligence to generate a “Fit Check” evaluation of your profile against a recruiter's stated role requirements. You have the right to know this is happening, and you have rights to challenge it.
| What it does | The AI analyses your publicly available professional data and produces a verdict (Yes / No / Sort of) and a plain-English summary explaining why your profile does or does not match the role criteria. |
| What it is NOT | The Fit Check is not a final hiring decision. No automated system on Saral AI will hire or reject you without human involvement. Recruiters are contractually required to treat the Fit Check as advisory only. |
| Data used | Your public GitHub activity, LinkedIn profile, X bio, job title, skills, and professional experience. |
| Who sees it | Only the recruiter who ran the specific search. Fit Check results are not shared externally, published, or retained beyond the recruiter's active subscription. |
| Your right to review | You may request a human review of any Fit Check evaluation about you by writing to privacy@saralhire.ai. We will respond within 30 days. |
| Your right to object | You may object to your profile being evaluated by Saral AI's Fit Check system entirely by submitting a removal request at saralhire.ai/remove-my-data. Your profile will be deleted and will no longer appear in search results or evaluations. |
8. Where your data is stored — cross-border transfers
Saral AI's infrastructure may involve processing or storage of data outside India through cloud and related services. In accordance with Section 16 of the DPDP Act, such cross border processing is permitted where not restricted by the Government of India and is governed by data processing agreements with our service providers.
Data may be processed across multiple regions depending on infrastructure, redundancy, and performance requirements. Saral AI does not guarantee or fix specific geographic locations of data processing.
Appropriate technical and organisational safeguards are implemented to ensure a level of data protection consistent with applicable laws.
9. Your rights under the DPDP Act, 2023
The following rights are guaranteed to you by law under the Digital Personal Data Protection Act, 2023. Saral AI is required to facilitate each of them. You do not need to justify your request or provide a reason.
| Right | What it means | How to exercise it |
|---|---|---|
| Right to access (Section 11) | You can ask us what personal data we hold about you, why, and who it has been shared with. | Email privacy@saralhire.ai with subject “Data access request” |
| Right to correction (Section 12) | You can ask us to correct any inaccurate or incomplete data we hold about you. | Email privacy@saralhire.ai with the correction needed |
| Right to erasure (Section 13) | You can ask us to permanently delete all personal data we hold about you. We will send you a 48-hour pre-deletion notice, then delete your profile and instruct all recruiters who accessed it to delete their copies. | Visit saralhire.ai/remove-my-data — name and email only required |
| Right to withdraw consent (Section 6) | You can withdraw any consent given for data processing at any time. Withdrawal is as easy as the original consent — a 2-field form, no account needed. Per Rule 3(c)(i) of the DPDP Rules, 2025, we are prohibited from making withdrawal harder than consent. | Visit saralhire.ai/remove-my-data |
| Right to nominate (Section 14) | You can appoint another person to exercise your data rights on your behalf in the event of your death or incapacity. | Email privacy@saralhire.ai with subject “Nomination request” |
| Right to grievance redressal (Section 13 + Rule 14) | If you have a request regarding your personal data, write to privacy@saralhire.ai. We may require identity verification before processing. We will review and act on valid requests as per applicable law. If you are not satisfied with our response, you may escalate the matter to the Data Protection Board of India. | dpboard.gov.in |
10. How we respond to your requests — published SLA
In accordance with Rule 14 of the DPDP Rules, 2025, Saral AI is required to publish the timeframes within which we respond to data rights requests. These are binding commitments, not targets:
| Acknowledgement | Within 72 hours of receiving your request |
| Access request | Full response within 30 days |
| Correction request | Correction completed within 30 days |
| Deletion/erasure request | 48-hour pre-deletion notice sent, then deletion completed within 30 days |
| Complex grievances | Resolved within 90 days (the maximum permitted under Rule 14) |
| If we miss the deadline | You may escalate to the Data Protection Board of India at dpboard.gov.in |
11. If there is a data breach
If we become aware of a breach that affects your personal data, we are required under Rule 7 of the DPDP Rules, 2025 to:
- Notify you without delay, in plain language, describing the nature of the breach, what data was affected, what consequences you may face, and what steps we are taking
- Submit a detailed report to the Data Protection Board of India within 72 hours of becoming aware of the breach
- Take immediate steps to contain the breach and prevent further harm
We will notify you via the email address or contact details that are publicly associated with your profile. If you have submitted a removal request and your contact data is no longer in our system, we will make a public notification on our website.
12. How to remove your data — step by step
Per Rule 3(c)(i) of the DPDP Rules, 2025, removing your data must be as easy as any original data collection. Here is the exact process:
- Go to saralhire.ai/remove-my-data
- Enter your full name and the email address associated with your public profile
- Click Submit — that is all that is required. No account, no verification, no additional steps.
- You will receive an acknowledgement within 72 hours
- We will send a 48-hour pre-deletion notice to your email before executing any deletion
- Your profile will be permanently deleted within 30 days
- We will notify all recruiters who accessed your profile to delete their copies within a further 30 days
You can also email privacy@saralhire.ai with the subject line “Remove my data” if you prefer email over the form.
The link to this page appears in: the footer of saralhire.ai, the footer of every recruiter outreach email sent via our platform, and this Privacy Notice. This ensures you can always reach it from any touchpoint.
13. This notice in other languages
In accordance with Rule 3 of the DPDP Rules, 2025 and the Eighth Schedule of the Constitution of India, this Privacy Notice is available in English as the primary language. Translations are available or being prepared in the following Indian languages:
| Available now | English |
| In progress (by May 2027) | Hindi, Tamil, Telugu, Kannada, Bengali, Marathi, Gujarati, Malayalam |
| On request | Any of the 22 languages listed in the Eighth Schedule of the Constitution of India. Write to privacy@saralhire.ai and we will provide a translation within 30 days. |
| Conflict resolution | If any translated version conflicts with this English version, the English version prevails. |
14. Updates to this notice
We review and update this Privacy Notice at least once every 12 months, and additionally whenever the DPDP Act or Rules change, or when our data practices change materially.
If we make a material change, we will publish the updated notice at saralhire.ai/privacy and, where we hold your contact information, send you a direct notification at least 30 days before the change takes effect. The version number and effective date on the cover page will reflect each update.
The current version of this notice is always accessible at saralhire.ai/privacy.
15. How to contact us — and how to complain
15.1 Contact Saral AI directly
| For all data and privacy requests | privacy@saralhire.ai |
| Data removal form | saralhire.ai/remove-my-data |
| Privacy Notice (this document) | saralhire.ai/privacy |
| Data Processing Agreement (for recruiters) | saralhire.ai/legal/dpa |
| Privacy Lead | Co-founder, HeadsIn Connect LLP. |
| Registered entity | HeadsIn Connect LLP., Surat, Gujarat, India |
15.2 If we do not resolve your concern
If you are not satisfied with how we handled your request, you may escalate the matter to the Data Protection Board of India, the statutory authority under the DPDP Act.
| Data Protection Board of India | dpboard.gov.in |
| When to escalate | If you are not satisfied with our response after a reasonable opportunity for resolution |
| What the Board can do | Review complaints and direct appropriate actions as per applicable law |
End of Privacy Notice
HeadsIn Connect LLP. · saralhire.ai · Version 1.0 · April 2026
Compliant with DPDP Act 2023, DPDP Rules 2025 · Rule 3 standalone notice · Rule 8 erasure · Rule 14 grievance SLA · Section 14 nomination right